Using Common Ports & Security Issues
-
Hello everyone,
I just started setting up a new pfSense device and, for test purposes, I ran the wizard for OpenVPN Remote Access setup. So the wizard opened port 1194 on the WAN.
After some minutes, I noticed in the firewall logs some PASS entries from unknown IPs on port 1194. To my understanding, someone sniffed the traffic and saw the usage of 1194, so they are trying to connect (maybe brute-force) the key and password? I don't know...
What would be your explanation, and what can I do to reduce this security risk? Thank you.
-
@bambos I very much doubt that somebody sniffed your traffic and is now trying to brute-force your VPN. That is very hard to do on a modern VPN implementation. They would need to have your certificates, server certs and TLS keys.
If you are setting up your pfSense to be an OpenVPN server then you need an Allow rule on WAN so that remote clients can connect to you. The wizard creates that rule for you. Now that WAN has an open port, you are going to see traffic from bots scanning the Internet all day every day. You can't waste your time trying to block every port-scan. Trust your security.
-
@bambos said in Using Common Ports & Security Issues:
what can I do to reduce this security risk?
Use SSL client certificates, a server TLS key and strong user passwords. Enforce "Strict User-CN Matching".
-
@bambos said in Using Common Ports & Security Issues:
... and what can I do to reduce this security risk?
Take seven and a half minutes, have a look at this video, and you'll be fine.
-
@gertjan I didn't realize they were making videos again. I stopped looking when the Hangouts stopped 2 years ago and they started releasing TNSR videos.
-
If your application is not secure, changing the port it uses is not going to "secure" it.
The common phrase for this is "security through obscurity".
But there are reasons why you might want to run an application on a different port than its standard one.
One is circumvention of a restriction. Maybe your ISP doesn't allow inbound HTTP (80) but does allow, say, 8080. So you can run your HTTP server on 8080 instead of 80 and circumvent this restriction. Maybe your place of work does not allow 1194 out, but it does, for good reason, let TCP 443 out. So you could run your OpenVPN server on TCP 443 instead of UDP 1194, etc.
Another is reduction of log spam or general exposure. While changing the port doesn't really make application X any more "secure", it might reduce the amount of spam in your log. The common port for SSH is 22, and a simple look at your log will show a fair amount of unsolicited traffic to that port, I am sure. Running it on 2222 might reduce the amount of that traffic that is allowed or logged, depending on your logging setup. So while this doesn't really make your application any more secure, it can reduce the amount of traffic it actually sees. So instead of seeing 100 login attempts in your SSH server log a day, maybe you only see 20?
From a security point of view, just because you changed its port doesn't make it any more secure. It is still open to exploit xyz, etc. But your logs are less cluttered with junk.
And while you might feel that 20 hits per day is more secure than 100, keep in mind that any advantage, however minor it might be, also comes with a cost. Your clients must now know that they need to use 2222 instead of 22, and the client they are using will have to be adjusted. And it is possible that where they are doesn't allow outbound 2222 but does allow 22, etc.
Any attempt to make something more "secure" is almost always going to come with some sort of cost, be it complication of setup, users' interaction with the service, the ability to access it from ABC, etc.
I, for example, do not run my Plex server on the standard external port of 32400. I use a different port; not that this makes my Plex server any more secure, but it does allow me to clearly identify unwanted traffic to Plex versus my users in the log.
It's up to you whether changing the port works for your needs. Just be clear in the understanding that running application X on port B instead of A doesn't magically make it "secure". I wouldn't change a port for the sake of changing it, thinking it "helps" the overall security of the application. But I would change it in conjunction with other aspects where the benefits make doing so viable or easier to accomplish, manage or monitor.
-
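The point made in the post above (unsolicited hits on an exposed port are background scanning, and the useful thing a port choice buys you is being able to tell your own users apart from the noise in the log) can be turned into a small triage script. This is an added example, not code from the thread or from pfSense: the log format below is a constructed, simplified CSV (timestamp,action,interface,proto,src,sport,dst,dport), not the real pfSense filterlog format, the addresses are from documentation ranges, and the "known client networks" list is an assumption standing in for wherever your real VPN users connect from.

```python
"""Triage PASS-log hits on an exposed service port (example code, not pfSense's).

Constructed sample input: a simplified CSV firewall log. The real pfSense
filterlog format has many more fields; adapt parse_log() for it.
"""
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Constructed sample log. 203.0.113.0/24 plays the role of "my users";
# 192.0.2.0/24 plays the role of Internet background scanners.
SAMPLE_LOG = """\
2024-03-01T10:00:01,pass,wan,udp,203.0.113.10,51000,198.51.100.5,1194
2024-03-01T10:00:09,pass,wan,udp,192.0.2.77,40001,198.51.100.5,1194
2024-03-01T10:00:12,pass,wan,udp,192.0.2.77,40002,198.51.100.5,1194
2024-03-01T10:01:30,pass,wan,tcp,192.0.2.77,40003,198.51.100.5,22
2024-03-01T10:02:00,pass,wan,udp,203.0.113.11,51002,198.51.100.5,1194
2024-03-01T10:02:45,block,wan,tcp,192.0.2.99,6000,198.51.100.5,23
2024-03-01T10:03:10,pass,wan,udp,192.0.2.150,3333,198.51.100.5,1194
2024-03-01T10:04:00,pass,wan,tcp,192.0.2.150,3334,198.51.100.5,443
"""

# Assumed: the networks your legitimate VPN clients connect from.
KNOWN_CLIENT_NETS = ["203.0.113.0/24"]
VPN_PORT = 1194


def parse_log(text):
    """Parse the constructed CSV format into dicts with typed fields."""
    rows = []
    for rec in csv.reader(StringIO(text)):
        if len(rec) != 8:          # skip blank or malformed lines
            continue
        ts, action, iface, proto, src, sport, dst, dport = rec
        rows.append({
            "ts": ts, "action": action, "iface": iface, "proto": proto,
            "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
        })
    return rows


def is_known(addr, known_nets):
    """True if addr falls inside any of the known client networks."""
    return any(addr in net for net in known_nets)


def triage(rows, service_port, known_nets):
    """Split PASS hits on service_port into expected (known clients) and unsolicited.

    Returns counts plus the set of unsolicited source addresses, which is what
    you would actually look at (or ignore, as the post suggests) rather than
    the raw PASS lines.
    """
    nets = [ipaddress.ip_network(n) for n in known_nets]
    stats = {"expected": 0, "unsolicited": 0, "unsolicited_sources": set()}
    for r in rows:
        if r["action"] != "pass" or r["dport"] != service_port:
            continue
        if is_known(r["src"], nets):
            stats["expected"] += 1
        else:
            stats["unsolicited"] += 1
            stats["unsolicited_sources"].add(str(r["src"]))
    return stats


def likely_scanners(rows, min_ports=2):
    """Sources that touched at least min_ports distinct destination ports.

    Both pass and block records count: a scan is a scan whether or not a
    rule let the packet through. Returns {src: sorted list of ports}.
    """
    ports_by_src = defaultdict(set)
    for r in rows:
        ports_by_src[r["src"]].add(r["dport"])
    return {str(s): sorted(p) for s, p in ports_by_src.items()
            if len(p) >= min_ports}


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    stats = triage(rows, VPN_PORT, KNOWN_CLIENT_NETS)
    print(f"port {VPN_PORT}: {stats['expected']} expected, "
          f"{stats['unsolicited']} unsolicited from {sorted(stats['unsolicited_sources'])}")
    for src, ports in likely_scanners(rows).items():
        print(f"scanner-like: {src} touched ports {ports}")
```

On the sample data, two of the five PASS hits on 1194 come from the assumed client network and three are noise; the two noisy sources also probed other ports, which is the signature of the bulk scanning described in the thread rather than of someone who "sniffed" the VPN. Moving the service to another port would change the counts this script reports, not what the VPN server itself has to withstand.
-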
@johnpoz thanks a lot for your comments and explanation. It is much appreciated.
-
@gertjan thanks a lot Gertjan for the video.